Red Hat Bugzilla – Bug 717338
pem module may attempt to free an uninitialized pointer
Last modified: 2012-08-11 13:18:50 EDT
Description of problem:
When my application attempts to load a private key file, it crashes in pem_CreateObject().
Version-Release number of selected component (if applicable):
Steps to Reproduce:
pem_CreateObject() passes an uninitialized certDER.data to nss_ZFreeIf()
When I cut it down to the bare minimum to try to create a simpler reproducer, I don't get a crash any more, but valgrind at least still flags the errors.
Created attachment 510308 [details]
minimal attempt at a reproducer
Created attachment 510313 [details]
patch for NSS which fixes my application
Nalin, I'm picking up your patch. It will be applied with other I have in the queue. Thanks.
I see the fix is already in rawhide, closing.